https://zimbabwe.misa.org Cybersecurity and Cybercrime Laws in the SADC Region Recommendations Recommendations of this report are proffered at the level of regional, sub-regional body, national governments, civil society organisations, media and academia. In short, the main thrust of the section is to underscore the need for state and non-state actors to ensure cybersecurity and cybercrime legislation is used to promote freedom of expression and right to privacy. African Union It is equally important to ensure that the enacted and proposed domestic laws of Southern African countries are aligned with the AU model Law on Cyber Security and Personal Data Protection and the African Declaration on Internet Rights and Freedoms. Member States must not simply “copy and paste” the full name of the Model Law without domesticating it to their own context. Rather it is imperative for them to draft separate laws dealing with cybersecurity and cybercrime on the one hand and data protection on the other hand. Member states must strive to fulfill the full import of Article 25 of the Convention, which calls upon State Parties to ensure that proposed or enacted cybersecurity and cybercrimes laws do not infringe on the rights of citizens guaranteed under the national constitution and internal laws, and protected by international conventions, particularly the African Charter on Human and Peoples’ Rights, and other basic rights such as freedom of expression, the right to privacy and the right to a fair hearing, among others. Southern African countries must adhere to the principles governing the processing of personal data as enumerated in Article 13 of the AU Model Law. These include: consent and legitimacy of personal data processing, lawfulness and fairness in personal data processing, purpose, relevance and storage of processed personal data, accuracy of personal data, transparency of personal data processing, and confidentiality and security of personal data processing. SADC Instead of adopting a wholesale “cutting and pasting” of the SADC Model Law, member states must endeavor to cherry pick the most progressive provisions that speak to their peculiar context. For instance, section 25 of the Model Law, which address issues related to search and seizure of electronic equipment suspected to have been used to commit an offence or suspected to contain information proving the commission of an offence has been critiqued for infringing on the right to privacy. Article 25 of the Model Law must be amended in order to promote and protect the right to privacy in the digital age. National Governments There is need for countries in SADC region to adopt a Human Rights-Based Approach. Such an approach will ensure that the enacted or proposed legislation take into account the urgent need to balance cybersecurity needs with the need to protect and promote the fundamental right to privacy. This can be done through integrating international human rights system norms, principles (necessary and proportionate principles) and standards (model laws) and goals. Member States must ensure that cybersecurity and cybercrime laws are aligned with national constitutions. These laws must endeavor to promote the right to privacy and freedom of expression. There is need to ensure cybersecurity 37